
Vista Tips

By
The Technocrats
Windows XP Recovery Console Equivalents in Windows Vista
The Recovery Console has been deprecated in Windows Vista, so what happened to all those wonderful commands that were available in the Recovery Console? Well, we were kind of hoping that you wouldn't need them anymore. But if you do, you'll be glad to know that most of them are available via the command line in the Windows Recovery Environment (WinRE). The Recovery Console commands listed in the following table are different or unavailable in WinRE.

Recovery Console Command                WinRE Equivalent
BootCfg                                 BootRec /ScanOS; BootRec /RebuildBcd; bcdedit
FixBoot                                 BootRec /FixBoot
FixMBR                                  BootRec /FixMbr
Map                                     DiskPart
Logon                                   Not needed
LISTSVC; ENABLE; DISABLE; SYSTEMROOT    Not available

All the remaining commands have the same name in WinRE. You can work around the unavailable services-related commands (listsvc, enable, and disable) by using regedit to manually load the registry hive.
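The hive-loading workaround, written out as an added example (not part of the original tip) with reg.exe in place of the regedit GUI. It assumes the offline installation is mounted as D:, that HKLM\OfflineSys and the service name SuspectDriver are placeholders, and that it runs from an elevated PowerShell prompt on a technician's machine; the reg.exe commands it issues are the same ones you would type at the WinRE command prompt.

```powershell
# Added example: LISTSVC/DISABLE equivalents against an offline SYSTEM hive using reg.exe.
$OfflineSystemHive = 'D:\Windows\System32\config\SYSTEM'   # assumed path of the offline install
$MountKey          = 'HKLM\OfflineSys'                      # temporary name for the loaded hive

function Get-OfflineControlSet {
    # Select\Current says which ControlSet00N the offline OS actually boots with.
    $current = $null
    foreach ($line in (reg.exe query "$MountKey\Select" /v Current)) {
        if ($line -match 'Current\s+REG_DWORD\s+0x([0-9A-Fa-f]+)') {
            $current = [Convert]::ToInt32($Matches[1], 16)
        }
    }
    if ($current -eq $null) { throw "Could not read Select\Current from the offline hive" }
    return ('ControlSet{0:D3}' -f $current)
}

function Get-OfflineServiceStart([string]$ControlSet, [string]$ServiceName) {
    # LISTSVC for one service: read its Start value
    # (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
    foreach ($line in (reg.exe query "$MountKey\$ControlSet\Services\$ServiceName" /v Start)) {
        if ($line -match 'Start\s+REG_DWORD\s+0x([0-9A-Fa-f]+)') {
            return [Convert]::ToInt32($Matches[1], 16)
        }
    }
    throw "Service $ServiceName not found in the offline hive"
}

function Set-OfflineServiceStart([string]$ControlSet, [string]$ServiceName, [int]$Start) {
    # ENABLE/DISABLE: 4 disables the driver or service, 3 makes it manual, 2 automatic.
    reg.exe add "$MountKey\$ControlSet\Services\$ServiceName" /v Start /t REG_DWORD /d $Start /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe add failed for $ServiceName" }
}

# Load the offline hive, disable the placeholder service, verify, and unload.
reg.exe load $MountKey $OfflineSystemHive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $OfflineSystemHive" }
try {
    $cs  = Get-OfflineControlSet
    $svc = 'SuspectDriver'   # placeholder: the service or driver that keeps the system from booting
    "Before: $svc Start = $(Get-OfflineServiceStart $cs $svc)"
    Set-OfflineServiceStart $cs $svc 4
    "After:  $svc Start = $(Get-OfflineServiceStart $cs $svc)"
}
finally {
    # Always unload; otherwise the hive stays locked and the change may not be flushed to disk.
    reg.exe unload $MountKey | Out-Null
}
```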

Enhance Windows Search with the Free Microsoft Filter Pack

The Windows Search service can be enhanced by installing the Microsoft Filter Pack, which provides additional IFilters to support critical search scenarios across multiple Microsoft Search products. The Filter Pack includes the following IFilters:

Metro (.docx, .docm, .pptx, .pptm, .xlsx, .xlsm, .xlsb)
Visio (.vdx, .vsd, .vss, .vst, .vdx, .vsx, .vtx)
OneNote (.one)
Zip (.zip)

These IFilters are designed to provide enhanced search functionality for the following products: SPS2003, MOSS2007, Search
Server 2008, Search Server 2008 Express, WSSv3, Exchange 2007, SQL 2005, SQL 2008, and Windows Desktop Search 3.01.
When you install the Filter Pack (which you can download for free), the IFilters in the preceding list are installed and registered with
the Windows Search service. The Filter Pack is available for x86 and x64 versions of Windows Vista, Windows Server 2008,
Windows XP, and Windows Server 2003.

Use MoveFile and PendMoves to Move or Delete a File That is Always in Use

Files can't be moved when they're in use by the operating system or an application. If a file is constantly in use, you can schedule Windows Vista to move the file during startup using the MoveFile tool, which you can download for free.
Use MoveFile exactly like you would use the Move command. For example:
movefile file.txt test\file.txt

Movefile v1.0 - copies over an in-use file at boot time
Move successfully scheduled.
The file will not be moved immediately. However, the next time the computer is restarted, Windows will move the file. If you want
to delete a file that is constantly in use (a common requirement for removing malicious software), provide "" as the destination. For
example:
movefile file2.txt ""

Movefile v1.0 - copies over an in-use file at boot time
Move successfully scheduled.
The same download that includes MoveFile includes the PendMoves command, which displays moves and deletions that have been
scheduled. You can simply run the command without parameters, as the following example demonstrates:
pendmoves

PendMove v1.1
Copyright (C) 2004 Mark Russinovich
Sysinternals - www.sysinternals.com
Source: C:\Users\User1\Documents\file.txt
Target: C:\Users\User1\Documents\dest\file.txt
Source: C:\Users\User1\Documents\file2.txt
Target: DELETE
Time of last update to pending moves key: 2/27/2008 10:08 AM
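An added example (not from the original tip) that reads the same boot-time list PendMoves reports, so you can audit what is scheduled to be moved or deleted before the next restart. It assumes MoveFile records its requests in the well-known PendingFileRenameOperations value (REG_MULTI_SZ) under the Session Manager key; the text above calls this only "the pending moves key".

```powershell
# Added example: decode the pending-rename list the way pendmoves prints it.
# Assumption: the value lives at the well-known Session Manager location below.
$PendingKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$PendingValue = 'PendingFileRenameOperations'

function ConvertFrom-PendingMoves([string[]]$Entries) {
    # Entries come in pairs: source, then target. An empty target means "delete at boot".
    # Paths use the NT form \??\C:\..., and a leading "!" on the target means "replace the
    # existing file". Returns one object per pair.
    $result = @()
    for ($i = 0; $i + 1 -lt $Entries.Count; $i += 2) {
        $src = $Entries[$i] -replace '^\\\?\?\\', ''
        $dst = $Entries[$i + 1] -replace '^!', ''
        $dst = $dst -replace '^\\\?\?\\', ''
        $result += New-Object PSObject -Property @{
            Source = $src
            Target = $(if ($dst -eq '') { 'DELETE' } else { $dst })
        }
    }
    return $result
}

function Get-PendingMoves {
    # Live view of the registry value; returns an empty list when nothing is scheduled.
    $val = Get-ItemProperty -Path $PendingKey -Name $PendingValue -ErrorAction SilentlyContinue
    if ($val -eq $null) { return @() }
    return ConvertFrom-PendingMoves $val.$PendingValue
}

# Constructed sample matching the two operations shown in the pendmoves output above, so the
# decoder can be exercised without touching the registry.
$sample = @(
    '\??\C:\Users\User1\Documents\file.txt',  '!\??\C:\Users\User1\Documents\dest\file.txt',
    '\??\C:\Users\User1\Documents\file2.txt', ''
)
ConvertFrom-PendingMoves $sample | Format-Table Source, Target -AutoSize

# Live list: anything here that you did not schedule yourself deserves a closer look,
# because boot-time deletion is also how unwanted software removes its own traces.
Get-PendingMoves | Format-Table Source, Target -AutoSize
```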

Use the Netsh Command to Manage the Windows Vista Firewall

If you need to make firewall settings repeatedly—on a single computer as conditions change or, perhaps, on a fleet of computers—
you’ll find working with Windows Firewall (the Control Panel application) or Windows Firewall With Advanced Security to be a bit
cumbersome. The Netsh command, using its Firewall or Advfirewall context, provides an alternative way to view or modify all
manner of Windows Firewall settings. For example, you can enable Windows Firewall with this command:
netsh firewall set opmode enable
The Netsh Firewall context can be considered the basic context, where you can find current firewall settings at a high level. It’s
roughly comparable to the Windows Firewall application in Control Panel. From the command prompt, you can see the basic
configuration by typing:
netsh firewall show config
To see more details about the configuration, use the Advfirewall context—the command-line counterpart to Windows Firewall With
Advanced Security. The Advfirewall context contains three subcontexts: Firewall, Consec, and Monitor. The Firewall subcontext can
be used to show the rule details for specific (or all) rules or set new values for existing rules. You can also add rules on the fly using
this subcontext. The Consec subcontext is used to work with connection security rules on the computer. The Monitor subcontext is
used to view and set security associations.
To view all of the rules within Windows Firewall from the command line (be prepared for a lot of output), type:
netsh advfirewall firewall show rule name=all
With dozens of keywords and options, the Netsh Firewall and Netsh Advfirewall commands are quite complex. The best way to learn about the various possibilities is through the help available from the command line. You'll need to do it in several steps, appending another keyword each time. For example, start by entering netsh firewall ? at a command prompt. This returns a list of each of the keywords that you can put after firewall—Add, Delete, Dump, Help, Reset, Set, and Show—along with a brief description of each. Next you might type netsh firewall set ? to learn about each of the Set options. Then you'd type netsh firewall set opmode ? and so on, until you reach a screen that shows the command syntax and explains all the parameters for the command you've entered.
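A scripted use of the Advfirewall context, added here as an example that is not part of the original tip: it backs up the current policy, turns the firewall on for every profile with inbound blocked by default, adds one inbound rule scoped to a management subnet, and verifies the result. 10.0.0.0/24, C:\Backup and the rule name are placeholders, and the prompt is assumed to be elevated.

```powershell
# Added example: firewall baseline and a scoped rule through netsh advfirewall.
$RuleName  = 'Remote Desktop (management subnet only)'   # placeholder rule name
$MgmtNet   = '10.0.0.0/24'                                # placeholder management subnet
$BackupDir = 'C:\Backup'                                  # placeholder folder

function Invoke-Netsh([string[]]$Arguments) {
    # netsh signals failure with a non-zero exit code and a message; stop on either.
    $out = & netsh.exe $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh $($Arguments -join ' ') failed: $out" }
    return $out
}

# 1. Save the current policy so it can be rolled back with: netsh advfirewall import <file>
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Invoke-Netsh @('advfirewall', 'export', "$BackupDir\firewall-before.wfw") | Out-Null

# 2. Firewall on for every profile; inbound blocked unless a rule allows it, outbound allowed.
Invoke-Netsh @('advfirewall', 'set', 'allprofiles', 'state', 'on') | Out-Null
Invoke-Netsh @('advfirewall', 'set', 'allprofiles', 'firewallpolicy', 'blockinbound,allowoutbound') | Out-Null

# 3. Remove any earlier rule of the same name (netsh reports "No rules match" if none exists),
#    then allow RDP only from the management subnet and only on the domain profile.
& netsh.exe advfirewall firewall delete rule name="$RuleName" | Out-Null
Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule', "name=$RuleName", 'dir=in', 'action=allow',
               'protocol=TCP', 'localport=3389', "remoteip=$MgmtNet", 'profile=domain') | Out-Null

# 4. Verify: every profile must report state ON, and the rule must carry the subnet restriction.
$state = Invoke-Netsh @('advfirewall', 'show', 'allprofiles', 'state')
if (($state -match '^State\s+ON').Count -lt 3) { throw 'Not every profile is turned on' }
$rule = Invoke-Netsh @('advfirewall', 'firewall', 'show', 'rule', "name=$RuleName")
if (-not ($rule -match 'RemoteIP:\s+10\.0\.0\.0/')) { throw "Rule '$RuleName' is not scoped to $MgmtNet" }
$rule
```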

Enable Auditing for Security Events on Windows Vista Systems

Windows Vista provides the ability to audit security events by recording attempts to access system resources. No events are written
to the Security log until you enable auditing, which you do via Local Security Policy. Even if you set up auditing for files, folders, or
printers, those events aren’t recorded unless you also enable auditing in Local Security Policy.
To enable auditing, follow these steps:
1. In the Control Panel, open Administrative Tools, Local Security Policy. Alternatively, you can type secpol.msc at a command
prompt, or simply begin typing local security in the Start menu Search box. Give your consent to the User Account Control (UAC)
prompt that appears.
2. Expand Local Policies and then click Audit Policy to display the list of activities you can audit.
3. Double-click each policy for which you want to enable auditing, and then select Success, Failure, or both.
Some activities, such as account management and policy change, can provide an audit trail for administrative changes. Others,
such as logon events and object access, can help you discover how to better secure your system. Still others, including system
events and process tracking, can assist you in locating problems with your system.

Use the Snipping Tool to Capture Screen Shots

You can use Snipping Tool (%SystemRoot%\system32\SnippingTool.exe) to capture a screen shot, or snip, of any object on your
screen, and then annotate, save, or share the image. Simply use your mouse (or tablet pen) to capture any of the following types
of snips:

Free-form Snip. Draw an irregular line, such as a circle or a triangle, around an object.
Rectangular Snip. Draw a precise line by dragging the cursor around an object to form a rectangle.
Window Snip. Select a window, such as a browser window or dialog box, that you want to capture.
Full-screen Snip. Capture the entire screen when you select this type of snip.

After you capture a snip, it's automatically copied to the mark-up window, where you can annotate, save, or share the snip.
When Snipping Tool is open, a white overlay appears on your screen until you capture a snip. To turn off the overlay, open Snipping
Tool, and then click Options. In the Snipping Tool Options dialog box, clear the Show screen overlay when Snipping Tool is active
check box, and then click OK.

Query and Manage Event Logs with the Windows Events Command Line Utility

The Windows Events Command Line Utility (Wevtutil.exe) lets you retrieve information about event logs and publishers; install and
uninstall event manifests; run queries; and export, archive, and clear logs from an elevated command prompt. (The usage for this
command is described later in this sidebar.) Note that you can use either the short (ep /uni) or long (enum-publishers /unicode)
version of the command and option names, and all commands, options, and option values are case insensitive.

The general syntax for Wevtutil.exe is as follows:

wevtutil command [argument [argument] ...] [/option:value [/option:value] ...]

Here command can be any of the following:

al (archive-log) Archives an exported log.
cl (clear-log) Clears a log.
el (enum-logs) Lists log names.
ep (enum-publishers) Lists event publishers.
epl (export-log) Exports a log.
gl (get-log) Gets log configuration information.
gli (get-log-info) Gets log status information.
gp (get-publisher) Gets publisher configuration information.
im (install-manifest) Installs event publishers and logs from manifest.
qe (query-events) Queries events from a log or log file.
sl (set-log) Modifies configuration of a log.
um (uninstall-manifest) Uninstalls event publishers and logs from manifest.
Common options are as follows:

/r:value (remote) If specified, runs the command on a remote computer named value. Note that im (install-manifest)
and um (uninstall-manifest) do not support remote operation.
/u:value (username) Specifies a different user to log on to remote computer. Here value is a user name in the form
domain\user or user. This option is only applicable when option /r (remote) is specified.
/p:value (password) Specifies a password for the specified user. If not specified or value is "*", the user will be
prompted to enter a password. This option is only applicable when /u (username) option is specified.
/a:value (authentication) Specifies an authentication type for connecting to a remote computer. Value can be Default,
Negotiate, Kerberos, or NTLM. The default is Negotiate.
/uni:value (unicode) Displays output in Unicode. Value can be true or false (if true, output is in Unicode).

To learn more about a specific command, type wevtutil command /? at an elevated command prompt.
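Putting wevtutil to work on the events that the auditing tip above produces, as an added example that is not part of the original text: it pulls the most recent failed logons from the Security log, tallies them per target account, and exports and archives the log. It assumes auditing of logon events is enabled in Local Security Policy (otherwise the query returns nothing), an elevated prompt, a placeholder folder C:\Logs, and the standard qe options /q, /c, /rd and /f, which the text above does not list.

```powershell
# Added example: query, tally, export and archive Security events with wevtutil.
$LogDir = 'C:\Logs'                      # placeholder folder
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

function Get-FailedLogons([int]$Count = 20) {
    # Event 4625 is "An account failed to log on" on Vista and later. /rd:true returns newest
    # first; /f:text gives readable output instead of the default XML.
    $xpath = '*[System[(EventID=4625)]]'
    return wevtutil.exe qe Security "/q:$xpath" "/c:$Count" /rd:true /f:text
}

function Get-FailedLogonAccounts([int]$Count = 200) {
    # Count failures per target account from the XML form; many failures against one account
    # in a short window is the pattern worth a closer look.
    $xpath = '*[System[(EventID=4625)]]'
    $xml = wevtutil.exe qe Security "/q:$xpath" "/c:$Count" /rd:true /f:xml
    $tally = @{}
    foreach ($line in $xml) {
        if ($line -match '<Data Name=[''"]TargetUserName[''"]>([^<]+)</Data>') {
            $tally[$Matches[1]] = [int]$tally[$Matches[1]] + 1
        }
    }
    return $tally
}

function Backup-SecurityLog {
    # epl exports the log; al then stores the message strings with it so the archive stays
    # readable on a machine without the same publishers. Clearing afterwards is a separate,
    # deliberate step: wevtutil cl Security /bu:<backup.evtx>
    $stamp = Get-Date -Format 'yyyyMMdd-HHmm'
    $file  = "$LogDir\Security-$stamp.evtx"
    wevtutil.exe epl Security $file
    if ($LASTEXITCODE -ne 0) { throw "Export of the Security log failed" }
    wevtutil.exe al $file
    if ($LASTEXITCODE -ne 0) { throw "Archiving $file failed" }
    return $file
}

wevtutil.exe gli Security                         # size and record count before we start
Get-FailedLogons 10
$byAccount = Get-FailedLogonAccounts
$byAccount.GetEnumerator() | Sort-Object Value -Descending | Format-Table Name, Value -AutoSize
"Archived to $(Backup-SecurityLog)"
```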

Know the Network Troubleshooting Tools in Windows Vista

Windows Vista contains an assortment of utilities you can use to diagnose, monitor, and repair network connections. Here’s an
overview of the key tools you’ll find in Windows Vista and what they’re used for.

Get MAC Address (Getmac.exe)
Discovers the Media Access Control (MAC) address, and lists associated network protocols for all network cards in a computer, either locally or across a network.

Hostname (Hostname.exe)
Displays the host name of the current computer.

IP Configuration Utility (Ipconfig.exe)
Displays all current TCP/IP network configuration values, and refreshes DHCP and DNS settings.

Name Server Lookup (Nslookup.exe)
Displays information about Domain Name System records for specific IP addresses and/or host names so that you can troubleshoot DNS problems.

Net services commands (Net.exe)
Performs a broad range of network tasks; type net with no parameters to see a full list of available command-line options.

Netstat (Netstat.exe)
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, and IPv4/IPv6 statistics.

Network Command Shell (Netsh.exe)
Displays or modifies the network configuration of a local or remote computer that is currently running; this command-line scripting utility has a huge number of options, which are fully detailed in Help.

PathPing (Pathping.exe)
Combines functions of Traceroute and Ping to identify problems at a router or network link.

TCP/IP NetBIOS Information (Nbtstat.exe)
Displays statistics for the NetBIOS over TCP/IP (NetBT) protocol, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache.

TCP/IP Ping (Ping.exe)
Verifies IP-level connectivity to another internet address by sending ICMP packets and measuring response time in milliseconds.

TCP/IP Route (Route.exe)
Displays and modifies entries in the local IP routing table.

TCP/IP Traceroute (Tracert.exe)
Determines the path to an internet address and lists the time required to reach each hop; useful for troubleshooting connectivity problems on specific network segments.

Manage Scheduled Tasks with the SchTasks.exe Command

An administrator can use the SchTasks.exe command-line utility to create, delete, query, change, run, and end scheduled tasks on a local or remote system through the command shell. The SchTasks.exe command interface uses the following syntax:
schtasks /{parameter} [arguments]

The command parameters are:

/Create Creates a new scheduled task
/Delete Deletes the scheduled task(s)
/Query Displays all scheduled tasks
/Change Changes the properties of scheduled task
/Run Runs the scheduled task immediately
/End Stops the currently running scheduled task
/? Displays this help message

Prevent Users from Deleting Browsing History and Clearing Cookies

Browsers store many traces of the sites users visit, including cached copies of pages and images, passwords, and cookies. To
simplify removing these traces, Internet Explorer 7 provides a Delete Browsing History option that allows users to initiate cleanup
with one button, easily and instantly erasing personal data.
To delete browsing history, follow these steps:

In your browser, click Tools and then click Internet Options.
In the Internet Options dialog box on the General tab, click Delete in the Browsing History group.
In the Delete Browsing History dialog box, shown in Figure 21-15, delete only the objects you need to remove. Alternatively, you can click Delete All.

You probably knew that already. But did you know you can disable these options?
If you don’t want users to be able to delete their browsing history, form data, or passwords, you can enable the following group
policy settings located in both Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\ and User
Configuration\Administrative Templates\Windows Components\Internet Explorer\:

Turn off "Delete Browsing History" Functionality
Turn off "Delete Forms" Functionality
Turn off "Delete Passwords" Functionality

Remove Unwanted Toolbars and Fix Settings in Internet Explorer

Remove Unwanted Toolbars
Internet Explorer and Windows Vista include several layers of defense to prevent unwanted software from modifying the Internet
Explorer configuration. If an unwanted toolbar does appear in Internet Explorer, you can disable it using the Add-on Manager.
Sometimes, however, the problem may be more persistent. If the problem persists, start Internet Explorer in No Add-ons mode and
then use the Add-on Manager to disable all add-ons that you have not intentionally installed.
In Internet Explorer 7, No Add-ons mode allows Internet Explorer to temporarily run without any toolbars, ActiveX controls, or other add-ons. It is very useful when troubleshooting a problem that might be related to an add-on. To start Internet Explorer in No Add-ons mode, follow these steps:

Open the Start menu and point to All Programs.
Point to Accessories, click System Tools, and then click Internet Explorer (No Add-ons).
Note the Information bar display in your browser that indicates add-ons are disabled.

Running Internet Explorer from the standard Start menu shortcut will return the functionality to its prior state.

Fix Unwanted Changes to Settings

If the home page or other settings have changed, you can reset all browser settings except for Favorites, Feed, Internet Connection
Settings, Group Policy Settings, and Content Advisor Settings by following these steps:

Close all windows except for one Internet Explorer window.
Click Tools and then click Internet Options.
In the Internet Options dialog box, click the Advanced tab.
Click Reset.
In the warning box that appears, click Reset.
Click Close and then click OK twice. Restart Internet Explorer.

To prevent unwanted changes in the future, ensure that you have all Microsoft Security Updates installed and are using anti-malware software, such as Microsoft Forefront or Windows Defender.

Manage Volume Shadow Copy Service from the Vssadmin Command-Line

You can manage the Volume Shadow Copy service using the Vssadmin command-line tool from an elevated command prompt. You
can use this tool to run the following commands:
Vssadmin List Providers Lists registered Volume Shadow Copy providers. Windows Vista includes Software Shadow Copy Provider
1.0.
Vssadmin List Shadows Lists existing volume shadow copies, the time the shadow copy was created, and its location.
Vssadmin List ShadowStorage Lists the volume shadow storage space currently in use, the space that is reserved for future use
(labeled as allocated), and the maximum space that might be dedicated. This space is used to store changes while a shadow copy is
active. The following sample output was generated using a computer that currently had about 3GB of files stored in a shadow copy,
but that might allocate as much as 6.4GB.
Vssadmin List Volumes Lists volumes that are eligible for shadow copies.
Vssadmin List Writers Lists shadow copy writers, which support communicating with the Volume Shadow Copy service to ensure
that files are captured in a consistent state. By default, subscribed writers include an operating system writer, a registry writer, a
WMI writer, and a search service writer, among others. SQL Server also provides a Volume Shadow Copy writer.
Vssadmin Resize ShadowStorage Resizes Volume Shadow Copy storage. You can use this command to increase the maximum
space that might be used by Volume Shadow Copy. Typically, this is unnecessary. However, if you discover that backups are failing
on a computer because of an extremely high volume of changes during a backup, and Vssadmin List ShadowStorage reveals that
the used Shadow Copy Storage space is at the maximum, you might be able to resolve the problem by manually increasing the
maximum size.
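The failing-backup scenario above, handled in an added example that is not part of the original text: it parses the Used/Allocated/Maximum lines that Vssadmin List ShadowStorage prints and only runs Vssadmin Resize ShadowStorage when usage is close to the ceiling. It assumes an elevated prompt, that C: hosts its own shadow storage, and that the Resize syntax /for, /on and /maxsize (not shown in the text) is used; the sample output block is constructed to mirror the 3 GB used / 6.4 GB maximum case described.

```powershell
# Added example: read Vssadmin List ShadowStorage figures and resize only when near the limit.
function ConvertTo-Bytes([string]$Number, [string]$Unit) {
    # Vssadmin prints sizes such as "3.02 GB"; UNBOUNDED means no maximum is set.
    if ($Number -eq 'UNBOUNDED') { return [double]::MaxValue }
    $n = [double]$Number
    switch ($Unit.ToUpper()) {
        'KB'    { return $n * 1KB }
        'MB'    { return $n * 1MB }
        'GB'    { return $n * 1GB }
        'TB'    { return $n * 1TB }
        default { return $n }
    }
}

function Get-ShadowStorage([string[]]$Lines) {
    # Parses one storage association block; returns Used/Allocated/Maximum in bytes.
    $info = @{ Used = 0; Allocated = 0; Maximum = 0 }
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Used|Allocated|Maximum) Shadow Copy Storage space:\s+(UNBOUNDED|[\d.]+)\s*(\w*)') {
            $info[$Matches[1]] = ConvertTo-Bytes $Matches[2] $Matches[3]
        }
    }
    return $info
}

function Resize-IfNearLimit([string]$Volume, [int]$ThresholdPercent, [string]$NewMax) {
    # Live check of one volume; $NewMax uses vssadmin's own size syntax, for example 10GB.
    $s = Get-ShadowStorage (vssadmin.exe list shadowstorage /for=$Volume)
    if ($s.Maximum -le 0) { throw "No shadow storage association found for $Volume" }
    $pct = 100 * $s.Used / $s.Maximum
    if ($pct -lt $ThresholdPercent) { return ('{0}: {1:N1}% of maximum in use; no change' -f $Volume, $pct) }
    vssadmin.exe resize shadowstorage /for=$Volume /on=$Volume /maxsize=$NewMax
    if ($LASTEXITCODE -ne 0) { throw "Resize of shadow storage for $Volume failed" }
    return "$Volume shadow storage maximum raised to $NewMax"
}

# Constructed sample output mirroring the scenario in the text (about 3 GB used, 6.4 GB maximum).
$sample = @(
    'Shadow Copy Storage association',
    '   For volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000000}\',
    '   Shadow Copy Storage volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000000}\',
    '   Used Shadow Copy Storage space: 3.02 GB',
    '   Allocated Shadow Copy Storage space: 3.25 GB',
    '   Maximum Shadow Copy Storage space: 6.4 GB'
)
$parsed = Get-ShadowStorage $sample
'Sample: {0:N1}% of maximum in use' -f (100 * $parsed.Used / $parsed.Maximum)

# Live run: raise the cap to 10 GB only if C: is already at 90% or more of its maximum.
Resize-IfNearLimit 'C:' 90 '10GB'
```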

Troubleshoot Group Policy with GPLogView

GPLogView.exe is a command-line troubleshooting tool that you can use to dump Group Policy–related events logged in the System
Event Log channel and the Group Policy Operational Event Log channel. GPLogView.exe works only on Windows Vista; it is not
included with Windows Vista but GPLogView.exe is available as a free download. The command-line options for this tool are:
-? Shows this usage message.
-o [output file name] Output filename required for text, xml, or html; not valid if -m is specified.
-n Do not output the activity ID.
-p Dump the process ID and thread ID associated with each event.
-a [activity id guid] Shows only events matching the given activity ID.
-m Runs the tool in monitor mode displaying events in real time.
-x Dumps the event in XML; the only other options allowed with this option are -m and -a but not both together.
-h Dumps the events in HTML format; -m or -x option not allowed, and -a and -n are allowed, but not both together. Also must
specify -o option.
-q [Query file name] Uses the query specified by query file.
-l [Publisher name] If -q is specified, the publisher name must be specified.

The following examples illustrate the use of this tool:

GPLogView.exe -o GPEvents.txt
GPLogView.exe -n -o GPEvents.txt
GPLogView.exe -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.txt
GPLogView.exe -p -o GPEvents.txt
GPLogView.exe -x -o GPEvents.xml
GPLogView.exe -x -m
GPLogView.exe -x -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.xml
GPLogView.exe -h -o GPEvents.html
GPLogView.exe -h -a ea276341-d646-43e0-866c-e7cc35aecc0a -o GPEvents.html
GPLogView.exe -h -q somequeryFile.txt -l Microsoft-Windows-GroupPolicy -o GPEvents.html

Track and Analyze System Stability and Reliability with RACAgent

Reliability Monitor gathers and processes data with the Reliability Analysis Component (RAC). The RACAgent is a hidden scheduled task that is automatically configured during system installation. This task is responsible for gathering the reliability data and displaying it in the chart view. The RACAgent task typically runs once every hour and will not wake the computer if it is sleeping. If the computer is a laptop on battery power, RACAgent.exe will immediately exit if the battery capacity is at less than 33 percent.
To view the RACAgent task in Task Scheduler, select RAC within the Task Scheduler library and then right-click and select View, Show Hidden Tasks in the MMC action pane.
If you do not want to track system stability, you can disable the RACAgent task by selecting the Disable option, which is accessible in any of the following ways when the RACAgent task is highlighted in the main MMC pane:

Via the action menu
Via the action pane
Via the shortcut menu for the task

Best Practices for File Sharing in a Domain Environment

In an Active Directory environment, best practices for sharing files on Windows Vista computers include the following:

Turn off Network Discovery in a domain environment, as it can generate excessive network traffic that can interfere with
normal network activities.
Publish shared folders in Active Directory so that users can search for them in the directory and access them instead of
having to browse the network to find them.
Use Group Policy to prevent users on Windows Vista computers from sharing files on their computers from their user profiles unless they are local administrators on their computers. For more information, see the section titled "Managing File Sharing Using Group Policy" earlier in this chapter.
Allow only advanced users the ability to share folders on their computers by giving them administrative rights on their
computers.

Note: Do not make users local administrators on their computers unless you understand the consequences of doing so. One
consequence is that they will be able to share folders and open firewall exceptions on their computers. Sharing folders from desktop
computers in a domain environment may mean that important documents are being stored on computers instead of on network file
servers, and since desktop computers are not normally backed up, this can mean lost work. Educate users to store files instead
within shared folders on network file servers where their work can be centrally backed up regularly.
High Availability Printing with the Print Management Console
With Windows Vista client computers and the Windows Vista Print Management console, printer administrators can easily provide
users with high printer availability. This can be achieved by moving users from the print queues on one server to identical print
queues (for the same physical printers) on another server when the first server is unavailable.
First, use the Print Management console to deploy printers to a number of users using a Group Policy object (let’s say
\\ServerA\ColorPrinter, with GPO1) and link GPO1 to an OU with a number of users or computers.
Then, using the Print Server import/export tool, do a backup of a print server. In the Print Management console, right-click a print
server and select Export Printers To A File. All the print queues and printer drivers will be exported to a .printerExport file.
Alternatively, you can use the command-line tool Printbrm.exe (in %WinDir%\System32\spool\tools), either from the command line
or from Task Scheduler, to do periodic backups of the print server.
When a print server goes down because of a hardware failure, the administrator can easily move users to a new server. On the new server (Server2), use the Print Management console to import the .printerExport file. New print queues will now be created (such as \\Server2\ColorPrinter, if the old server had \\Server1\ColorPrinter).
Using the deployed printers functionality in the Print Management console, deploy the printers using GPO2. With the Group Policy Management tool, disable the link to GPO1. The print queues from Server1 will be undeployed and the print queues from GPO2 (Server2) will be installed.
When the old print server is online again, the link to GPO2 can be disabled, and the link to GPO1 can be enabled.
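The periodic Printbrm.exe backup mentioned above, scheduled with the SchTasks.exe parameters from the earlier SchTasks tip, as an added example that is not part of the original text. It assumes an elevated prompt on the print server, a placeholder folder D:\PrintBackup, that the task runs as SYSTEM, and that the small wrapper batch file it writes is acceptable; the Printbrm -b and -f switches are the tool's backup and file options.

```powershell
# Added example: nightly print-server export with schtasks + Printbrm, then a status check.
$TaskName  = 'PrintServerBackup'                               # placeholder task name
$BackupDir = 'D:\PrintBackup'                                  # placeholder folder
$Printbrm  = "$env:WinDir\System32\spool\tools\Printbrm.exe"
$Exported  = "$BackupDir\printserver.printerExport"
$Runner    = "$BackupDir\backup-printserver.cmd"               # wrapper written by this example

function Register-PrintBackupTask {
    if (-not (Test-Path $Printbrm)) { throw "Printbrm.exe not found at $Printbrm" }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    # The export holds queues, ports and driver binaries, so keep this folder readable by
    # administrators only. The wrapper removes the previous export first so a nightly run
    # never fails on an existing file.
    $batch = @(
        '@echo off',
        "if exist `"$Exported`" del /q `"$Exported`"",
        "`"$Printbrm`" -b -f `"$Exported`""
    )
    Set-Content -Path $Runner -Value $batch -Encoding ASCII
    # /F replaces a task of the same name; /RU SYSTEM needs no stored password.
    schtasks.exe /Create /F /SC DAILY /ST 02:00 /TN $TaskName /TR "`"$Runner`"" /RU SYSTEM
    if ($LASTEXITCODE -ne 0) { throw "schtasks /Create failed" }
}

function Get-PrintBackupTaskStatus {
    # /Query /V /FO LIST prints one "Field: value" line per property; keep the useful ones.
    $lines = schtasks.exe /Query /TN $TaskName /V /FO LIST
    if ($LASTEXITCODE -ne 0) { throw "Task $TaskName not found" }
    $status = @{}
    foreach ($line in $lines) {
        if ($line -match '^(Status|Last Run Time|Last Result|Next Run Time):\s+(.*)$') {
            $status[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $status
}

Register-PrintBackupTask
schtasks.exe /Run /TN $TaskName            # take a first backup right away
Start-Sleep -Seconds 60
$st = Get-PrintBackupTaskStatus
# Last Result 0 means the wrapper, and so Printbrm, exited cleanly; the export file is what
# Server2 imports when the primary server is down.
"Last result: $($st['Last Result'])   Next run: $($st['Next Run Time'])"
if (Test-Path $Exported) { Get-Item $Exported | Select-Object Name, Length, LastWriteTime }
```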

Troubleshoot Slow Start Ups with Windows Boot Performance Diagnostics

Sometimes, Windows might start correctly but might take an unusually long time to do so. Such problems can be difficult to troubleshoot, because there's no straightforward way to monitor processes while Windows is starting. To help administrators identify the source of startup performance problems, and to automatically fix some problems, Windows Vista includes Windows Boot Performance Diagnostics.
You can use the Group Policy settings to manage Windows Boot Performance Diagnostics in an Active Directory environment. In the
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics
node, edit the Configure Scenario Execution Level policy. When this policy is enabled, you can choose from the following two
settings:
Detection And Troubleshooting Only Windows Boot Performance Diagnostics will identify startup performance problems and will
add an event to the Event Log, allowing administrators to detect the problem and manually troubleshoot it. Windows Boot
Performance Diagnostics will not attempt to fix the problem, however.
Detection, Troubleshooting, And Resolution Windows Boot Performance Diagnostics will identify startup performance problems
and automatically take steps to attempt to alleviate the problems.
If you disable the setting, Windows Boot Performance Diagnostics will neither identify nor attempt to resolve startup performance
problems. For Windows Boot Performance Diagnostics to function, the Diagnostic Policy Service must be running.
Settings for Windows Shutdown Performance Diagnostics, which function similarly to the Windows Boot Performance Diagnostics,
are located in the Computer Configuration\Administrative Templates\System\Troubleshooting And Diagnostics\Windows Shutdown
Performance Diagnostics node.

New Command-Line Switches for Sc.exe

You can use the sc.exe command to start, stop, configure, and manage various aspects of services in the same way that you can on earlier versions of Windows. On Windows Vista, however, the sc.exe command has been enhanced with new command-line switches.

New switches for specifying required privileges for a service include:

-privs Sets the required privileges for a service.
-qprivs Queries for the required privileges of a service.

New switches that support per-service SIDs include:

-sidtype Changes a service's SID.
-qsidtype Retrieves the setting for a service's SID.

New switches to enable configuration of the FailureActionsOnNonCrashFailures setting include:

-failureflag Changes the setting of the FailureActionsOnNonCrashFailures flag.
-qfailureflag Retrieves the setting for the FailureActionsOnNonCrashFailures flag.

Other new or enhanced switches include:

-showsid Displays the service SID string corresponding to an arbitrary name.
-stop An existing switch that has been enhanced in Windows Vista to accept a stop reason. The SCM logs an event containing the reason, so postmortem reliability analysis can determine why an administrator stopped a service.

For more information about these new command-line switches for sc.exe, type sc /? at a command prompt.
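The new switches applied to a single service as a least-privilege check, in an added example that is not part of the original text: it gives the service its own SID, limits its token to a named privilege set, turns on the non-crash failure flag, verifies each change, and restarts the service with a logged stop reason. MySvc is a placeholder service name, the privilege list is illustrative (confirm what a real service needs before shrinking its token), and the stop-reason code follows the flag:major:minor form documented by sc stop.

```powershell
# Added example: per-service SID, required privileges and failure flag via sc.exe.
$Service     = 'MySvc'                                              # placeholder service name
$NeededPrivs = @('SeChangeNotifyPrivilege', 'SeImpersonatePrivilege')  # illustrative set

function Invoke-Sc([string[]]$Arguments) {
    # sc.exe reports failures with a non-zero exit code; surface them instead of reading on.
    $out = & sc.exe $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "sc $($Arguments -join ' ') failed: $out" }
    return $out
}

function Get-ServicePrivileges([string]$Name) {
    # qprivs prints "PRIVILEGES : SeXxx" followed by ": SeYyy" continuation lines.
    $privs = @()
    foreach ($line in (Invoke-Sc @('qprivs', $Name))) {
        if ($line -match ':\s*(Se\w+Privilege)\s*$') { $privs += $Matches[1] }
    }
    return $privs
}

function Get-ServiceSidType([string]$Name) {
    foreach ($line in (Invoke-Sc @('qsidtype', $Name))) {
        if ($line -match 'SERVICE_SID_TYPE:\s*(\w+)') { return $Matches[1] }
    }
}

"Privileges before: $((Get-ServicePrivileges $Service) -join ', ')"
"SID type before:   $(Get-ServiceSidType $Service)"

# Per-service SID: ACLs can now name this service instead of the shared LocalService or
# NetworkService account it runs under.
Invoke-Sc @('sidtype', $Service, 'unrestricted') | Out-Null
# Required privileges: the SCM removes every other privilege from the process token at start.
Invoke-Sc @('privs', $Service, ($NeededPrivs -join '/')) | Out-Null
# Treat a non-crash failure (exit with an error code) like a crash for recovery actions.
Invoke-Sc @('failureflag', $Service, '1') | Out-Null

# Verify each change.
$after = Get-ServicePrivileges $Service
$extra = $after | Where-Object { $NeededPrivs -notcontains $_ }
if ($extra) { throw "Privilege set not applied, still present: $($extra -join ', ')" }
if ((Get-ServiceSidType $Service) -ne 'UNRESTRICTED') { throw 'SID type not applied' }
"SID string: $(Invoke-Sc @('showsid', $Service) | Where-Object { $_ -match 'S-1-5-80' })"
Invoke-Sc @('qfailureflag', $Service)

# Restart so the new token takes effect. The reason 4:4:5 (planned, software, reconfiguration)
# and the comment are what the SCM records for later reliability analysis.
if ((Get-Service $Service).Status -eq 'Running') {
    Invoke-Sc @('stop', $Service, '4:4:5', 'Privilege and SID reconfiguration') | Out-Null
    Start-Sleep -Seconds 5
}
Invoke-Sc @('start', $Service) | Out-Null
```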

Create an Ad Hoc Wireless Network

If you want to share information stored on your computer with other people nearby and everyone’s computer has a wireless
network adapter, a simple method of sharing is to set up an ad hoc wireless network. In spite of the fact that members must be
within 30 feet of each other, this type of network presents a lot of possibilities. For example, you might consider establishing an ad
hoc network at a meeting of mobile computer users so that you can share information with other attendees on their own screens
rather than an overhead projector. (After establishing the network, you can do this by using Windows Meeting, for instance.)
Ad hoc networks are by definition temporary; they cease to exist when members disconnect from them, or when the computer from
which the network was established moves beyond the 30-foot effective range of the others. You can share an Internet connection
through an ad hoc network, but keep in mind that the Internet connection is then available to anyone logging on to a computer that
is connected to the network, and thus is likely not very secure.

To set up an ad hoc network:

1. On the Start menu, click Connect To.
2. In the Connect to a network window, click the Set up a connection or network task.
3. On the Choose a connection option page, click Set up a wireless ad hoc (computer-to-computer) network, and then click Next.
(This option only appears on computers that have wireless adapters.)
4. Read the ad hoc network information, and then click Next.
5. Provide a network name, select whether the network is open or requires authentication, provide a security phrase if necessary,
and then click Next.

After Windows Vista sets up the ad hoc network, you have the option of sharing your Internet connection.
To disconnect from an ad hoc network, display the Connect To A Network window, click the ad hoc network, and then click
Disconnect.

Use Msconfig to Disable and Enable UAC

Msconfig.exe is a troubleshooting tool that can be useful for temporarily disabling UAC to determine whether UAC is causing an
application compatibility problem. To make the change, msconfig.exe simply modifies the registry value. To disable UAC with
Msconfig.exe, follow these steps:
1. Click Start, type msconfig, and then press Enter. The System Configuration tool opens.
2. Click the Tools tab.
3. Click Disable UAC and then click Launch.
A command window appears, and shortly thereafter, a notification bubble appears informing you that UAC is disabled. Restart your
computer to apply the change.
To re-enable UAC with Msconfig.exe, follow the preceding steps, clicking Enable UAC instead of Disable UAC.

Know the Tools You'll Need to Deploy Windows Vista

You will use the following tools when you prepare images and deploy Windows Vista throughout your organization:
Sysprep This is the updated version, modified for Windows Vista.
Setup A new installation tool for Windows Vista that replaces WINNT and WINNT32.
ImageX The new command-line tool for creating WIM images.
Windows SIM A tool for creating and modifying Unattend.xml files.
PEimg The tool for customizing Windows PE 2.0 images.
Windows DS The new version of RIS, which adds the ability to deploy Windows Vista images as well as Windows PE 2.0 boot
images.
Pnputil This is the new tool for adding and removing drivers from the Windows Vista driver store.
Pkgmgr Use this new Windows Vista tool for servicing the operating system.
Ocsetup Replaces Sysocmgr and is used for installing Windows components.
Bcdedit A new Windows Vista tool for editing boot configuration data.
Application Compatibility Toolkit 5.0 Use this updated tool to assess whether or not your applications are compatible with
Windows Vista.
User State Migration Tool 3.0 An updated tool for capturing and restoring user state.
BitLocker The full-volume drive-encryption capability included in Windows Vista Enterprise and Ultimate editions.

You can forget about using these tools:

Remote Installation Services (RIS) RIS has been replaced by Windows DS, but Windows DS still offers legacy support on
Windows Server 2003.
Setup Manager and Notepad Use Windows SIM instead for editing unattended setup configuration files.
Winnt.exe and Winnt32.exe Use Setup instead.
Sysocmgr Replaced by Ocsetup and Pkgmgr.
MS-DOS Boot Floppies Forget them. Use Windows PE.

Delete Files Permanently with SDelete

When you delete a file, Windows removes the index for the file and prevents the operating system from accessing the file's contents. However, an attacker with direct access to the disk can still recover the file's contents until it has been overwritten by another file—which might never happen. Similarly, files that have been EFS-encrypted leave behind the unencrypted contents of the file on the disk.
With the SDelete tool, which you can download for free, you can overwrite the contents of free space on your disk to prevent
deleted or encrypted files from being recovered.
To use SDelete to overwrite deleted files on the C drive, run the following command:

sdelete -z C:
SDelete - Secure Delete v1.51
Copyright (C) 1999-2005 Mark Russinovich
Sysinternals - www.sysinternals.com
SDelete is set for 1 pass.
Free space cleaned on C: